578.4 Flashcards
What is Human operated ransomware?
Human-operated ransomware (HOR) is a class of ransomware attack in which the adversary interactively penetrates the network, moves laterally and escalates privileges by hand, and tailors the operation to the victim before deploying the ransomware, as opposed to self-propagating or commodity ransomware that runs without an operator.
Threat Intelligence Platforms (TIPs)
- MISP
- Threat_Note
- CRITs
- ThreatConnect
- ThreatQuotient
- Anomali
- EclecticIQ
What does MISP stand for?
Malware Information Sharing Platform.
Focuses on IOCs and automation. Supports multiple import and export formats so intel can be exchanged with other tools. Open source, with optional paid professional support.
MISP has strong adoption in Europe due to the active involvement of a number of CERTs.
Best practices for storing threat intelligence information
- Use a common format
- Make the method scalable
- Make the method secure
- Make the method shareable
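The first and last points (common format, shareable) are easiest to see in code. The script below is an added example, not code from the course or from the MISP project: it takes indicators from a constructed vendor CSV, refangs defanged values (hxxp://, [.]), validates and classifies each one, deduplicates them, and emits them in a simplified MISP-style event layout (an "Event" holding a list of "Attribute" entries with type, category, value and to_ids). The attribute type names and category strings are assumed from MISP's documented layout and should be checked against the current MISP schema before you rely on them; the sample indicators are invented.

```python
"""Normalise indicators from mixed sources into one shareable record format.

Added example, not MISP's own code. The output mimics a simplified MISP
event JSON ("Event" -> "Attribute" list); verify field names against the
MISP documentation before exchanging data with a real instance.
"""
import csv
import io
import ipaddress
import json
import re

# MISP-style attribute type -> category (assumed mapping, simplified).
ATTRIBUTE_CATEGORY = {
    "ip-dst": "Network activity",
    "domain": "Network activity",
    "url": "Network activity",
    "sha256": "Payload delivery",
    "md5": "Payload delivery",
}

_HEX_LENGTHS = {64: "sha256", 32: "md5"}
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def refang(value):
    """Undo common defanging so the same IOC from two sources compares equal."""
    v = value.strip()
    v = re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)
    for defanged, clean in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[@]", "@")):
        v = v.replace(defanged, clean)
    return v


def classify(value):
    """Return (misp_type, canonical_value), or None if the value is not a supported IOC."""
    v = refang(value)
    if not v:
        return None
    try:
        return "ip-dst", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in _HEX_LENGTHS:
        return _HEX_LENGTHS[len(v)], v.lower()   # hashes stored lower-case
    if re.match(r"^https?://", v, re.IGNORECASE):
        return "url", v
    if _DOMAIN_RE.match(v.lower()):
        return "domain", v.lower()
    return None


def normalize(rows, source):
    """Turn (value, comment) rows into de-duplicated MISP-style attributes."""
    seen = set()
    attributes = []
    for raw_value, comment in rows:
        hit = classify(raw_value)
        if hit is None:
            continue  # unrecognised values are dropped, not stored unvalidated
        misp_type, value = hit
        if (misp_type, value) in seen:
            continue  # same indicator seen twice: keep one record
        seen.add((misp_type, value))
        attributes.append({
            "type": misp_type,
            "category": ATTRIBUTE_CATEGORY[misp_type],
            "value": value,
            "to_ids": True,  # flag as exportable to detection systems
            "comment": f"{source}: {comment}",
        })
    return attributes


def build_event(info, attributes, distribution=0):
    """Wrap attributes in a minimal event; distribution 0 = your organisation only."""
    return {"Event": {"info": info, "distribution": distribution,
                      "Attribute": attributes}}


# Constructed sample input: a vendor CSV with defanged and duplicated entries.
SAMPLE_CSV = """value,comment
198.51.100.23,C2 server
hxxp://malicious[.]example/payload.bin,download URL
malicious[.]example,C2 domain
198.51.100.23,seen again in proxy logs
D41D8CD98F00B204E9800998ECF8427E,dropper hash
not an indicator,analyst note
"""


def load_csv(text):
    return [(r["value"], r["comment"]) for r in csv.DictReader(io.StringIO(text))]


def demo():
    attrs = normalize(load_csv(SAMPLE_CSV), "vendor-report")
    return build_event("Constructed example: intrusion infrastructure", attrs)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it prints one event with four attributes: the duplicate IP collapses to a single record, the defanged URL and domain come out clean, the hash is lower-cased, and the free-text row is rejected instead of being stored as an unvalidated string. The "secure" and "scalable" points are not shown here; they are properties of the platform holding these records (access control, distribution levels, an API rather than spreadsheets).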
Logical fallacies
Logical fallacies are flaws in reasoning. They often appear in cyber threat intelligence assessments. There are two main types:
- Anecdotal Fallacy
- Appeal to Probability
They occur when an argument does not logically make sense.
Fallacies: Anecdotal Fallacy
Personal experience is given more weight than compelling evidence.
“I worked an incident like this before and it was China, so your analysis that it’s not must be wrong”.
Fallacies: Appeal to Probability
Making a determination based on what is most likely the case in general, rather than on the evidence at hand.
“Russia is hacking everything these days, so the intrusion is likely Russia based”.
Common CTI informal fallacies
- Appeal to the stone
- Argument from Silence
- Argument from repetition
Others:
- Burden of Proof
- Middle Ground
Fallacies: Appeal to the stone
Dismissing a claim as absurd without offering any proof for the dismissal.
“That’s absurd to think that the US would compromise an allied government. Let’s move on.”
Fallacies: Argument from Silence
Accepting a conclusion because of a lack of evidence against it.
“I have proof it wasn’t the UK and no proof it wasn’t Germany. So, I assess it was Germany.”
Fallacies: Argument from Repetition
Repeating an argument until people accept the conclusion just to end the discussion.
“We’ve been here for five hours; fine, Iran did the attack.”
Fallacies: Burden of Proof
Requiring someone to disprove a claim instead of requiring the person making the claim to prove it.
Fallacies: Middle Ground
Treating a compromise between two positions as the accepted truth.
Bias - Cognitive Biases
Cognitive biases are constraints on how we as analysts think that lead to incorrect decisions and assessments. They let analysts construct their own version of reality in which inaccurate judgments and illogical interpretations occur.
Bias - Mirror Image
A common bias that forms when you analyze a situation, person or entity using your own context, background and experiences instead of theirs.
Bias - Anchoring / Focusing
Overvaluing one piece of information. It prevents the analyst from seeking new information or analyzing competing information.
Bias - Confirmation bias
Selectively supporting one hypothesis and rejecting refuting evidence: greater significance is given to supporting data, lesser significance to contradicting data.
Bias - Congruence Bias
- A form of confirmation bias
- Maps to the analysis of competing hypotheses
- Failure to consider alternative hypotheses
- The risk is greatest when the favoured hypothesis fits the evidence well